Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle user sign up / forgot passwords / etc #202

Closed
mlissner opened this issue Apr 18, 2023 · 0 comments · Fixed by #258
Closed

Handle user sign up / forgot passwords / etc #202

mlissner opened this issue Apr 18, 2023 · 0 comments · Fixed by #258
Milestone
Little Cases

Comments

@mlissner
Copy link
Member

We'll need:

  • Sign in
    • Ideally, this uses the email address, not the username, since that regularly trips people up, but I know Django prefers usernames, so if it's hard, fine.
  • Register
    • CL has a lot of tweaks on this that are worth reviewing, ignoring the stub_account stuff.
  • Confirm email
  • Forgot password
    • Should always respond with a message saying that information has been sent, but not indicating whether the account exists.
    • If the account does not exist, we send a message to the email saying so. This should help confused people.
    • If the account does exist, we send an email to help them fix things.

A few high-level security things:

  • Nothing should reveal whether somebody has an account with bots.law unless they control the email for the account.
  • We should use @sensitive_variables and @sensitive_post_parameters on all functions we create here.
  • We should add rate-limiting wherever needed in this section of the code.
  • Anybody can sign up, I guess, but it won't get them very far until the Chat Bots are ready or we allow people to create their own Little bots. Until then, we'll just tell people to sign up, then we'll give them permission for particular channels by hand.
@mlissner mlissner added this to the Little Cases milestone Apr 18, 2023
@mlissner mlissner moved this to 🤖Bots Backlog in @erosendo's backlog Apr 18, 2023
@ERosendo ERosendo moved this from 🤖Bots Backlog to ✍🏻In Progress in @erosendo's backlog May 26, 2023
@ERosendo ERosendo mentioned this issue Jun 2, 2023
Merged
@ERosendo ERosendo moved this from ✍🏻In Progress to In Review in @erosendo's backlog Jun 5, 2023
@github-project-automation github-project-automation bot moved this from 🔎In Review to Done in @erosendo's backlog Jun 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
@erosendo's backlog
Archived in project
Milestone
Little Cases
Development

Successfully merging a pull request may close this issue.

feat(user): Adds logic to handle authentication. freelawproject/bigcases2
1 participant
@mlissner